EV0024.txt

22 Jan 2006 00:00:00 | Reported by Aliaksandr Hartsuyeu | Type: packetstorm | packetstormsecurity.com

New eVuln Advisory for CaLogic Calendars XSS Vulnerabilities

`New eVuln Advisory:  
CaLogic Calendars Multiple XSS Vulnerabilities  
http://evuln.com/vulns/24/summary/bt/  
  
--------------------Summary----------------  
  
Software: CaLogic Calendars  
Software's Web Site: http://www.calogic.de/  
Versions: 1.2.2  
Critical Level: Moderate  
Type: Cross-Site Scripting  
Class: Remote  
Status: Unpatched  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
eVuln ID: EV0024  
  
-----------------Description---------------  
Most user-defined variables are not properly sanitized, and most user data may contain HTML tags. The <script> tag is replaced by < script >, but this is not enough to prevent script code from being posted: user data may still contain the <iframe> tag.  
  
This can be used to post arbitrary HTML or script code, which will be executed by the browser of every visitor.  
  
--------------Exploit----------------------  
Example:  
  
Adding New Event page:  
  
Title value: <XSS>  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
`
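The filtering gap described in the advisory, and the output-encoding fix for it, as an added example that is not CaLogic's code or part of the original advisory. `denylist_filter` is an assumed reconstruction of the behaviour the description reports (only `<script>` rewritten to `< script >`); the function names and sample titles are constructed for illustration.

```python
import html
import re

# Assumed reconstruction of the filter the advisory describes: only the
# script tag is rewritten to "< script >"; every other tag passes through.
_SCRIPT_TAG = re.compile(r"<(/?)script>", re.IGNORECASE)


def denylist_filter(value: str) -> str:
    """Weak: neutralizes one tag name and leaves all other markup intact."""
    return _SCRIPT_TAG.sub(r"< \1script >", value)


def encode_for_html(value: str) -> str:
    """Hardened: encode every HTML metacharacter when writing into the page."""
    return html.escape(value, quote=True)


def contains_live_tag(rendered: str) -> bool:
    """True if the fragment still holds a '<' that a browser opens a tag on."""
    return re.search(r"<[A-Za-z/!]", rendered) is not None


# Constructed sample values for the event Title field (not from the advisory).
SAMPLES = [
    "Team meeting <b>10:00</b>",
    "<script>/* constructed */</script>",
    '<iframe src="https://example.invalid/"></iframe>',
]


def audit(samples):
    """Return (input, live tag after denylist?, live tag after encoding?)."""
    return [
        (s,
         contains_live_tag(denylist_filter(s)),
         contains_live_tag(encode_for_html(s)))
        for s in samples
    ]


if __name__ == "__main__":
    for value, weak, hardened in audit(SAMPLES):
        print(f"{value!r}: denylist leaves tag={weak}, encoded leaves tag={hardened}")
```

Encoding at output time makes the stored title render as text regardless of which tag names it contains, so there is no tag list to keep complete.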
